North Korean hackers may hold 900+ crypto jobs, ZachXBT warns

North Korean hackers are using increasingly creative methods to infiltrate the crypto industry, exposing a significant and growing risk factor.

Hackers sponsored by the North Korean regime represent some of the most serious cybersecurity threats in the digital asset space. On Wednesday, June 2, crypto investigator ZachXBT suggested that North Korean operatives may have already infiltrated between 345 and 920 jobs in the crypto industry.

According to ZachXBT, crypto firms have paid at least $16.58 million to North Korean IT workers since the start of the year. At a monthly payroll rate of $2.76 million and assuming individual salaries range from $3,000 to $8,000, this suggests a minimum of 345 North Korean-linked employees, with the actual number possibly as high as 920.

Compounding the threat, these workers often refer other North Koreans into the same companies. Many exhibit clear red flags, including discrepancies such as Russian IP addresses despite claiming U.S. residency, failed KYC checks, and frequent GitHub username changes.

To boost his case, the investigator found one specific IT worker from North Korea, revealing his on-chain and real-life information. The IT worker, Sandy Nguyen, was spotted with a group of North Koreans at an event in Russia.

North Korean hackers are becoming more sophisticated

These operatives are not simply working freelance to earn income. In several cases, they have used insider roles to exploit crypto projects, gaining privileged access that enables hacks or rug pulls. This insider positioning makes them particularly dangerous to the industry.

ZachXBT warns that crypto firms must remain vigilant against such threats. In particular, he highlighted that North Korean actors increasingly control verified accounts on major U.S. exchanges like Robinhood and Coinbase. He also noted their growing ability to bypass KYC and AML procedures designed to prevent exactly this kind of infiltration.